CVE-2020-25829

Опубликовано: 16 окт. 2020

Источник: ubuntu

Приоритет: medium

CVSS2: 5

CVSS3: 7.5

Описание

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	not-affected	4.3.5-1
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	not-affected	4.3.5-1
esm-apps/noble	not-affected	4.3.5-1
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	DNE
focal	ignored	end of standard support, was needs-triage
groovy	ignored	end of life

Показывать по

Ссылки на источники

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2020-25829

CVSS3: 7.5

nvd

больше 5 лет назад

CVE-2020-25829

CVSS3: 7.5

debian

больше 5 лет назад

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x befo ...

GHSA-w93h-8xj5-rq44

CVSS3: 7.5

github

больше 3 лет назад

openSUSE-SU-2020:1687-1

suse-cvrf

больше 5 лет назад

Security update for pdns-recursor

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2020-25829

Описание

Пакет pdns-recursor

Ссылки на источники

Связанные уязвимости